Privacy Policy

Effective May 8, 2026

DropCharge is a voice-driven charge-capture application for physicians who care for patients in the hospital setting. Patient privacy is the architectural foundation of the product. This policy explains what we collect, what we deliberately do not collect, and how data flows through the system.

This policy applies to the DropCharge iOS application, the DropCharge progressive web application, and the dropcharge.app website (collectively, “DropCharge”). DropCharge is operated by DropCharge LLC.

What We Collect

• Access code — hashed and stored on our backend; never stored or transmitted in plaintext.
• Device identifier — a non-personal device handle used for device binding and authorization.
• Email-delivery preferences — the billing-team destination email address you configure, stored locally on your device.
• Operational telemetry — non-PHI application logs (errors, performance, anonymous usage counts) used to keep the application healthy.

What We Do NOT Collect

The following patient identifiers never leave your device through DropCharge infrastructure and are never transmitted to any third-party service that we contract with:

• Patient name
• Medical Record Number (MRN)
• Patient date of birth
• Date of service
• Audio recordings of your dictation

When DropCharge sends the clinical narrative to AI for billing-code extraction, only the patient's age is included — calculated locally from the date of birth you entered, and capped at 90 in accordance with the HIPAA Safe Harbor de-identification standard (45 CFR § 164.514(b)(2)(i)(C)). The patient's actual date of birth is never transmitted.

HIPAA Architecture

DropCharge is built on a HIPAA Safe Harbor de-identification architecture. Patient identifiers are stripped before any data leaves the device through our infrastructure. The clinical narrative that does leave the device is processed by a Business Associate that has signed a HIPAA Business Associate Agreement (BAA) with us.

A real-time PHI detector runs during dictation. If a patient identifier appears in the transcribed narrative, DropCharge displays a warning and requires explicit user confirmation before any external API call is made.

Voice Dictation

Voice transcription is performed on your device. DropCharge does not send dictation audio to any external transcription service.

• iOS application: uses Apple's on-device SpeechAnalyzer framework. Audio is processed locally on the device and never leaves it.
• Progressive web application: uses the Web Speech API in iOS Safari. Audio handling is governed by the browser's own privacy controls.

AI Code Extraction

The de-identified clinical narrative (plus the patient's Safe-Harbor age) is sent to Amazon Web Services (AWS) Bedrock, which runs the Anthropic Claude model under a signed Business Associate Agreement between DropCharge LLC and AWS. AWS does not retain or train on the content sent for inference.

Email Delivery (Tier 1, Current Production)

The charge slip is composed locally on your device, with patient identifiers re-attached at the moment of composition, and is opened in your organization's authenticated Microsoft Outlook session. The email then travels through your organization's existing Microsoft 365 environment, which is HIPAA-compliant under your organization's BAA with Microsoft. DropCharge does not operate email servers and does not see the contents of charge-slip emails after they are composed.

Roadmap Features — Not Currently Available

The following features appear in our product roadmap and are not currently in production. When any of them launches, this policy will be updated to describe its data practices in detail before any user data flows through it.

• Tier 2 (Secure Link delivery) — server-side encrypted charge-slip storage with auto-expiring secure links delivered to billing teams. Charge slips will be stored on Amazon Web Services infrastructure governed by the existing DropCharge LLC Business Associate Agreement with AWS.
• Tier 3 (Billing Dashboard) — a billing-team dashboard for charge-slip review, export, and audit. The dashboard's backend storage will run on Amazon Web Services infrastructure governed by the existing DropCharge LLC Business Associate Agreement with AWS.
• Microsoft Graph email delivery — direct API-based email delivery through your organization's Microsoft 365 tenant, replacing the current Outlook compose flow.
• Push notifications — clinical-workflow reminders. When launched, reminder records will be stored only on infrastructure covered by an existing Business Associate Agreement.

Data Storage

On your device (iOS Keychain or browser local storage): encounter history, charge log (if enabled), email-delivery preferences, and application settings. This data stays on your device and is not synchronized to our servers.

On our servers: hashed access codes, device-registration records, and non-PHI operational telemetry. No patient identifiers are stored on DropCharge servers in the current production version.

We do not sell, rent, or share your data with any third party for marketing, advertising, or any purpose unrelated to providing the DropCharge service.

Third-Party Services

• Amazon Web Services — Bedrock (BAA-covered) — runs the Anthropic Claude language model for billing-code extraction. Receives the de-identified clinical narrative and Safe-Harbor age only.
• Microsoft 365 (your organization's tenant, governed by your organization's BAA with Microsoft) — email delivery of the charge slip.
• Vercel — application hosting and serverless functions. No PHI is processed on Vercel infrastructure.
• Supabase — backend database for hashed access codes and device-registration records. No patient identifiers are stored on Supabase in the current production version.
• Apple — iOS application distribution via the App Store and TestFlight.

iOS Permissions

The iOS application requests the following permissions, which are described in the application's purpose strings and used solely for the stated purposes:

• Microphone — to capture voice dictation of the clinical encounter for on-device transcription.
• Speech Recognition — to transcribe the dictation locally using Apple's SpeechAnalyzer framework. The audio does not leave the device.

Data Retention

On-device data persists until you clear your device storage, sign out of the application, or uninstall it. Hashed access codes and device-registration records on our backend persist for the duration of your active license; upon account deletion, they are removed within 30 days.

Account Deletion

You may request account deletion at any time by emailing support@dropcharge.app. Upon deletion:

• Your hashed access code is deactivated and your device-registration records are deleted from our backend within 30 days.
• Local data on your device may be removed by you at any time from the application's Settings screen or by uninstalling the application.

Children's Privacy

DropCharge is a clinical tool intended for use by licensed healthcare professionals. The application is not directed to, and does not knowingly collect personal information from, children under 13 years of age.

Changes to This Policy

We may update this policy from time to time. When we make a material change, we will notify active users by email to the contact address associated with the access code, by an in-application notice on next launch, and by updating the “Effective” date at the top of this policy.

Contact

Questions about this policy or how DropCharge handles your data:

DropCharge LLC
418 Broadway #11538
Albany, NY 12207

Privacy: privacy@dropcharge.app
Support: support@dropcharge.app

This policy was last updated on May 8, 2026.